More than $600 million has been lost from crypto hacks within the first few months of 2026, the majority of which is linked to two attacks by North Korean hacking groups. The most significant of the two attacks is the $293 million hack of Kelp DAO, which was carried out in April through a point-of-trust vulnerability on the LayerZero messaging system.
Days after the above attack, Drift Protocol was targeted in a second attack, causing a loss of $280 million. Hackers aren’t just out to take what they can. Instead, they know where to look and how to find it.
North Korean hackers use AI in social engineering
The third incident involving the DPRK, disclosed by crypto wallet Zerion on April 15, showed an entirely different strategy. The hackers used AI in a sustained social engineering campaign, ultimately stealing approximately $100,000 from Xerion’s hot wallet.
The dollar amount is nominal; The method is indicative. Separately, on April 6, a threat actor named “Jinkusu” was reported to be selling tools using deepfakes and voice manipulation to bypass KYC checks at exchanges and banks.
Natalie Newson, a senior blockchain investigator at CertiK, says AI will worsen the threat environment “in some aspects,” but it is not without defensive benefits. Their immediate guidance: Verify every URL and smart contract before interacting and remove inactive assets from exchanges entirely.
“Using a cold wallet allows you to sign transactions without exposing your private keys,” he said. Supply chain attacks alone caused $1.45 billion in losses in just two incidents in 2025, including the $1.4 billion Bybit hack.
AI is also getting involved on the defensive front. Anthropic recently launched a program called Cloud Mythos in beta version for some tech companies, which reportedly identifies flaws in major operating systems.
The US Treasury Department, Office of Cybersecurity and Critical Infrastructure Protection said on April 9 that they will begin using their threat assessment project to evaluate digital asset companies as their infrastructure becomes the equivalent of financial ones.
